This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote host is affected by multiple vulnerabilities.
The remote host is running a version of Palo Alto Networks PAN-OS prior
to 5.0.9. It is, therefore, affected by multiple vulnerabilities :
- A security bypass vulnerability exists due to a failure
to properly enforce RADIUS users' permissions. An
authenticated attacker could potentially exploit this
vulnerability to modify shared objects. (Ref# 55287)
- A cross-site request forgery vulnerability exists due
to a failure to properly validate HTTP requests to
certain file upload forms, including
- Multiple HTML injection vulnerabilities exist due to a
failure to sanitize user-supplied input to the 'Name',
'Subject' and 'Issuer' fields in imported certificates.
An attacker could exploit this vulnerability to inject
arbitrary HTML into the device's web interface.
See also :
Upgrade to PAN-OS version 5.0.9 or later.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.7
Public Exploit Available : true